package com.yf.shiro;

import java.io.IOException;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.RolesAuthorizationFilter;

/**
 * 重写角色授权过滤器，实现多角色中满足任意一个即可
 * @author yephone
 *
 */
public class AnyRolesAuthorizationFilter extends RolesAuthorizationFilter{
	
	@Override  
    public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)  
            throws IOException {  
  
        Subject subject = getSubject(request, response);  
        String[] rolesArray = (String[]) mappedValue;  
  
        if (rolesArray == null || rolesArray.length == 0) {  
            // no roles specified, so nothing to check - allow access.  
            return true;  
        }  
  
        for (String roleName : rolesArray) {  
            if (subject.hasRole(roleName)) {  
                return true;  
            }  
        }  
  
        return false;  
    }  

}
